Four IT professionals discuss their top security, desktop virtualization issues and how they handle them

Schools are for learning, and the information technology and security professionals who support networks and applications in the nation's K-12 and university systems are discovering new tactics in what can be challenging IT environments. Here we talk to four professionals in the education realm to get a sense for their top IT issues and what they do to handle them.

Do vulnerability-assessment on software before you buy it

That's the philosophy adopted at West Virginia University (WVU), which increasingly is asking software vendors to agree to submit their products to a vulnerability-assessment examination before it's purchased. "It's part of the contract process," says Alex Jalso, assistant director of information security at WVU, which uses the IBM AppScan Enterprise software vulnerability-assessment tool to analyze and remediate code vulnerabilities and weaknesses.

Jalso says the analysis process lets the school look deeper into code, which is the intellectual property of the vendor, and for its part the school agrees to work under non-disclosure about any issues that arise. The university hasn't yet gotten all its software vendors on board, but it's headed in that direction. And AppScan is also used by the university to analyze any security weaknesses in the in-house developed Web applications before they go into production. Why is this important? Jalso says it's about being pro-active in identifying software weaknesses that might otherwise become a route for attack by hackers and malware.

There are a lot of legal issues to consider, too, such as not violating data-protection guidelines related to HIPAA, FERPA and PCI rules. The basic idea is it's not too much to ask for someone to prove their software can pass a vulnerability test — if fact, pass it not once, but again and again as the code base changes, Jalso says.

Change vendors -- not your expectations

Ross Elliott is manager of network operations at Brick Township Public Schools in New Jersey, a district with 12 schools and 10,000 students. The IT department for the school district provides wired and wireless access for students and faculty. But earlier this year, the more open portion of the wireless network showed signs of strain with so many students using it for Internet access. As a side effect, the Astaro firewall and the Comcast service "were not playing together well," says Elliott, who thinks the firewall's proxy-based setup was likely a factor but "we were upset at the support we were receiving."

Network availability was getting shakier and it was on his birthday in June, when the wireless network was limping along at its dismal worst and "in the IT department, we were getting bombarded with phone calls." The school system was able to sort out the network issues over the summer, upgrading speed and switching to a SonicWall firewall. Elliott says more changes may be needed to the nature of network access at the school to meet the demands of mobile devices.

In another case where a decision was made to switch, New York City-based Columbia Grammar and Preparatory School, which supports about 450 Apple Macintosh computers for use in classrooms, had not been happy with the performance of its Apple servers over a considerable period. So it switched to Windows servers over the past summer, which has shown better performance than the Apple servers in support of the Macintosh computers, according to Adam Gerson, co-director of technology at the independent college prep school. Though he's a self-professed "Mac lover" at a "Mac school," he didn't let that stop him from trying something other than Apple for servers.

Fix it frugally

Like many school systems in the country today, teachers are doing more routine procedures online rather than with paper, and that's the case at Belchertown School District in Massachusetts which consists of five schools. There, teachers and students go online to get class material and log attendance, among other things. An application called PowerSchool the school district began using is configured with Cisco UCS running VMware virtual-desktop VMware View connected to data stores residing on NetApp FAS2020 storage. But according to Scott Karen, the school district's director of technology, it became apparent last year year that there were excessive latency issues with the desktop virtual-machine setup when many students tried to log on and use the system at the same time. In addition, teachers in their classrooms all taking attendance at the same time found the system not only slow but leading to file errors.

The lack of caching in the older NetApp FAS 2020 was a problem, Karen says, but he adds that going to a bigger and newer NetApp was not appealing from the school district's budgetary standpoint. However, as a regular attendee at the local VMware user group meetings, where problems are shared and yes, vendors show up to pitch their wares, Karen found what he says was an economical fix for the school district's VM boot storm problems. And that was adding the Avere FXT Series two-node cluster to optimize the read/write capabilities of the system. It was up and going quickly, brought latency to a tolerable point, and it all was a lesson learned about desktop virtualization.